Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Ratstail91
|
0bc7cb11f0 | ||
|
Ratstail91
|
6859b36ae0 | ||
|
Ratstail91
|
0ce2a552d8 | ||
|
Ratstail91
|
eb64f6c2e7 | ||
|
Ratstail91
|
7429c4a1ee |
@@ -5,6 +5,8 @@ WEB_PORT=3200
|
||||
WEB_ORIGIN=http://localhost:3001
|
||||
|
||||
DB_HOSTNAME=localhost
|
||||
DB_PORTNAME=3306
|
||||
|
||||
DB_DATABASE=auth
|
||||
DB_USERNAME=auth
|
||||
DB_PASSWORD=charizard
|
||||
@@ -20,6 +22,9 @@ ADMIN_DEFAULT_USERNAME=admin
|
||||
# Give this a value to generate the default admin account (must be at least 8 characters)
|
||||
ADMIN_DEFAULT_PASSWORD=password
|
||||
|
||||
# Give this a value to generate teh default admin account (must be a valid domain name, to pass the initial email check)
|
||||
ADMIN_DEFAULT_HOSTNAME=example.com
|
||||
|
||||
# Select a "TZ database name" that suits your needs: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
|
||||
DB_TIMEZONE=Australia/Sydney
|
||||
|
||||
|
||||
+1
-1
@@ -1,5 +1,5 @@
|
||||
|
||||
FROM node:21-bookworm-slim
|
||||
FROM node:22-bookworm-slim
|
||||
WORKDIR "/app"
|
||||
COPY package*.json /app
|
||||
RUN npm install --production
|
||||
|
||||
@@ -6,7 +6,7 @@ This server is available via docker hub at krgamestudios/auth-server.
|
||||
|
||||
# Setup
|
||||
|
||||
There are multiple ways to run this app - it can run on it's own via `npm start` (for production) or `npm run dev` (for development). it can also run inside docker using `docker-compose up --build` - run `node configure-script.js` to generate docker-compose.yml and startup.sql.
|
||||
There are multiple ways to run this app - it can run on it's own via `npm start` (for production) or `npm run dev` (for development). it can also run inside docker using `docker compose up --build` - run `node configure-script.js` to generate docker-compose.yml and startup.sql.
|
||||
|
||||
# API
|
||||
|
||||
@@ -79,7 +79,7 @@ Cookie: refreshToken
|
||||
###
|
||||
|
||||
|
||||
//DOCS: Retreives the private account data, results vary
|
||||
//DOCS: Retrieves the private account data, results vary
|
||||
GET /auth/account
|
||||
Authorization: Bearer accessToken
|
||||
|
||||
|
||||
+57
-25
@@ -36,6 +36,25 @@ const question = (prompt, def = null) => {
|
||||
const resetAddress = await question('Reset Addr', `example.com/reset`);
|
||||
const appPort = await question('App Port', '3200');
|
||||
|
||||
//configure the database address
|
||||
let dbLocation = '';
|
||||
while (typeof dbLocation != 'string' || /^[le]/i.test(dbLocation[0]) == false) {
|
||||
dbLocation = await question('[l]ocal or [e]xternal database?');
|
||||
}
|
||||
|
||||
let appDBHost = '';
|
||||
let appDBPort = '';
|
||||
|
||||
if (/^[l]/i.test(dbLocation[0])) {
|
||||
appDBHost = 'database';
|
||||
appDBPort = '3306';
|
||||
}
|
||||
else {
|
||||
appDBHost = await question('DB Host');
|
||||
appDBPort = await question('DB Port', '3306');
|
||||
}
|
||||
|
||||
//configure the database account
|
||||
const appDBUser = await question('DB User', appName);
|
||||
const appDBPass = await question('DB Pass', 'charizard');
|
||||
const dbRootPass = await question('DB Root Pass');
|
||||
@@ -46,6 +65,7 @@ const question = (prompt, def = null) => {
|
||||
const appMailPhysical = await question('Mail Physical');
|
||||
|
||||
const appDefaultUser = await question('App Default User', '');
|
||||
const appDefaultHost = await question('App Default Host', '');
|
||||
const appDefaultPass = await question('App Default Pass', '');
|
||||
|
||||
const appSecretAccess = await question('Access Token Secret', uuid(32));
|
||||
@@ -55,20 +75,19 @@ const question = (prompt, def = null) => {
|
||||
|
||||
//generate the files
|
||||
const ymlfile = `
|
||||
version: '3.8'
|
||||
services:
|
||||
${appName}:
|
||||
build:
|
||||
context: .
|
||||
ports:
|
||||
- "${appPort}"
|
||||
- ${appPort}
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.${appName}router.rule=Host(\`${appWebAddress}\`)"
|
||||
- "traefik.http.routers.${appName}router.entrypoints=websecure"
|
||||
- "traefik.http.routers.${appName}router.tls.certresolver=myresolver"
|
||||
- "traefik.http.routers.${appName}router.service=${appName}service@docker"
|
||||
- "traefik.http.services.${appName}service.loadbalancer.server.port=${appPort}"
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.${appName}router.rule=Host(\`${appWebAddress}\`)
|
||||
- traefik.http.routers.${appName}router.entrypoints=websecure
|
||||
- traefik.http.routers.${appName}router.tls.certresolver=myresolver
|
||||
- traefik.http.routers.${appName}router.service=${appName}service@docker
|
||||
- traefik.http.services.${appName}service.loadbalancer.server.port=${appPort}
|
||||
environment:
|
||||
- WEB_PROTOCOL=${appWebProtocol}
|
||||
- WEB_ORIGIN=${appWebOrigin}
|
||||
@@ -76,7 +95,8 @@ services:
|
||||
- HOOK_POST_VALIDATION_ARRAY=${postValidationHookArray}
|
||||
- WEB_RESET_ADDRESS=${resetAddress}
|
||||
- WEB_PORT=${appPort}
|
||||
- DB_HOSTNAME=database
|
||||
- DB_HOSTNAME=${appDBHost}
|
||||
- DB_PORTNAME=${appDBPort}
|
||||
- DB_DATABASE=${appName}
|
||||
- DB_USERNAME=${appDBUser}
|
||||
- DB_PASSWORD=${appDBPass}
|
||||
@@ -86,17 +106,23 @@ services:
|
||||
- MAIL_PASSWORD=${appMailPass}
|
||||
- MAIL_PHYSICAL=${appMailPhysical}
|
||||
- ADMIN_DEFAULT_USERNAME=${appDefaultUser}
|
||||
- ADMIN_DEFAULT_HOSTNAME=${appDefaultHost}
|
||||
- ADMIN_DEFAULT_PASSWORD=${appDefaultPass}
|
||||
- SECRET_ACCESS=${appSecretAccess}
|
||||
- SECRET_REFRESH=${appSecretRefresh}
|
||||
volumes:
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
networks:
|
||||
- app-network
|
||||
- app-network${ appDBHost != 'database' ? '' : `
|
||||
depends_on:
|
||||
- database
|
||||
|
||||
database:
|
||||
image: mariadb:latest
|
||||
environment:
|
||||
MYSQL_DATABASE: ${appName}
|
||||
MYSQL_TCP_PORT: ${appDBPort}
|
||||
MYSQL_USER: ${appDBUser}
|
||||
MYSQL_PASSWORD: ${appDBPass}
|
||||
MYSQL_ROOT_PASSWORD: ${dbRootPass}
|
||||
@@ -105,34 +131,40 @@ services:
|
||||
volumes:
|
||||
- ./mysql:/var/lib/mysql
|
||||
- ./startup.sql:/docker-entrypoint-initdb.d/startup.sql:ro
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro`}
|
||||
|
||||
traefik_${appName}:
|
||||
container_name: ${appName}_traefik
|
||||
image: "traefik:v2.10"
|
||||
container_name: "traefik"
|
||||
image: traefik:latest
|
||||
container_name: traefik
|
||||
command:
|
||||
- "--log.level=ERROR"
|
||||
- "--api.insecure=false"
|
||||
- "--providers.docker=true"
|
||||
- "--providers.docker.exposedbydefault=false"
|
||||
- "--entrypoints.websecure.address=:443"
|
||||
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
|
||||
- "--certificatesresolvers.myresolver.acme.email=${supportEmail}"
|
||||
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
||||
- --log.level=ERROR
|
||||
- --api.insecure=false
|
||||
- --providers.docker=true
|
||||
- --providers.docker.exposedbydefault=false
|
||||
- --entrypoints.websecure.address=:443
|
||||
- --certificatesresolvers.myresolver.acme.tlschallenge=true
|
||||
- --certificatesresolvers.myresolver.acme.email=${supportEmail}
|
||||
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- 80:80
|
||||
- 443:443
|
||||
volumes:
|
||||
- "./letsencrypt:/letsencrypt"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
- ./letsencrypt:/letsencrypt
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
networks:
|
||||
- app-network
|
||||
|
||||
networks:
|
||||
app-network:
|
||||
driver: bridge
|
||||
`;
|
||||
|
||||
const dockerfile = `
|
||||
FROM node:21-bookworm-slim
|
||||
FROM node:22-bookworm-slim
|
||||
WORKDIR "/app"
|
||||
COPY package*.json ./
|
||||
RUN npm install --production
|
||||
|
||||
Generated
+238
-3059
File diff suppressed because it is too large
Load Diff
+9
-10
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "auth-server",
|
||||
"version": "1.8.5",
|
||||
"version": "1.8.7",
|
||||
"description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
|
||||
"main": "server/server.js",
|
||||
"scripts": {
|
||||
@@ -13,7 +13,7 @@
|
||||
"url": "git+https://github.com/krgamestudios/auth-server.git"
|
||||
},
|
||||
"author": "Kayne Ruse",
|
||||
"license": "ISC",
|
||||
"license": "Zlib",
|
||||
"bugs": {
|
||||
"url": "https://github.com/krgamestudios/auth-server/issues"
|
||||
},
|
||||
@@ -22,17 +22,16 @@
|
||||
"bcryptjs": "^2.4.3",
|
||||
"cookie-parser": "^1.4.6",
|
||||
"cors": "^2.8.5",
|
||||
"dotenv": "^16.3.1",
|
||||
"express": "^4.18.2",
|
||||
"dotenv": "^16.4.5",
|
||||
"express": "^4.19.2",
|
||||
"jsonwebtoken": "^9.0.2",
|
||||
"mariadb": "^3.2.3",
|
||||
"mariadb": "^3.3.0",
|
||||
"node-cron": "^3.0.3",
|
||||
"node-fetch": "^2.7.0",
|
||||
"nodemailer": "^6.9.7",
|
||||
"npm": "^9.9.2",
|
||||
"sequelize": "^6.35.2"
|
||||
"node-fetch": "^3.3.2",
|
||||
"nodemailer": "^6.9.13",
|
||||
"sequelize": "^6.37.3"
|
||||
},
|
||||
"devDependencies": {
|
||||
"nodemon": "^3.0.2"
|
||||
"nodemon": "^3.1.0"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@ module.exports = async () => {
|
||||
await sequelize.sync(); //this whole file is just one big BUGFIX
|
||||
|
||||
//validate env variables
|
||||
if (!process.env.ADMIN_DEFAULT_USERNAME || !process.env.ADMIN_DEFAULT_PASSWORD) {
|
||||
if (!process.env.ADMIN_DEFAULT_USERNAME || !process.env.ADMIN_DEFAULT_HOSTNAME || !process.env.ADMIN_DEFAULT_PASSWORD) {
|
||||
//skip this if arguments are missing
|
||||
return;
|
||||
}
|
||||
@@ -25,9 +25,8 @@ module.exports = async () => {
|
||||
});
|
||||
|
||||
if (adminRecord == null) {
|
||||
const webAddress = process.env.WEB_ADDRESS == 'localhost:3000' ? 'example.com' : process.env.WEB_ADDRESS; //can't log in as "localhost"
|
||||
await accounts.create({
|
||||
email: `${process.env.ADMIN_DEFAULT_USERNAME}@${webAddress}`,
|
||||
email: `${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.ADMIN_DEFAULT_HOSTNAME}`,
|
||||
username: `${process.env.ADMIN_DEFAULT_USERNAME}`,
|
||||
hash: await bcrypt.hash(`${process.env.ADMIN_DEFAULT_PASSWORD}`, await bcrypt.genSalt(11)),
|
||||
type: 'normal',
|
||||
@@ -35,6 +34,6 @@ module.exports = async () => {
|
||||
mod: true
|
||||
});
|
||||
|
||||
console.warn(`Created default admin account (email: ${process.env.ADMIN_DEFAULT_USERNAME}@${webAddress}; password: ${process.env.ADMIN_DEFAULT_PASSWORD})`);
|
||||
console.warn(`Created default admin account (email: ${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.ADMIN_DEFAULT_HOSTNAME}; password: ${process.env.ADMIN_DEFAULT_PASSWORD})`);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -27,7 +27,7 @@ router.use(tokenDecode);
|
||||
router.use(async (req, res, next) => {
|
||||
const record = await accounts.findOne({
|
||||
where: {
|
||||
email: req.user.email || ''
|
||||
email: req.user?.email || ''
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
const { pendingSignups, accounts } = require('../database/models');
|
||||
const fetch = require('node-fetch');
|
||||
const fetch = (...args) => import('node-fetch').then(({default: fetch}) => fetch(...args));
|
||||
const jwt = require('jsonwebtoken');
|
||||
|
||||
//auth/validation
|
||||
|
||||
@@ -2,11 +2,10 @@ const Sequelize = require('sequelize');
|
||||
|
||||
const sequelize = new Sequelize(process.env.DB_DATABASE, process.env.DB_USERNAME, process.env.DB_PASSWORD, {
|
||||
host: process.env.DB_HOSTNAME,
|
||||
port: process.env.DB_PORTNAME,
|
||||
dialect: 'mariadb',
|
||||
timezone: process.env.DB_TIMEZONE,
|
||||
logging: process.env.DB_LOGGING ? console.log : false
|
||||
});
|
||||
|
||||
sequelize.sync();
|
||||
|
||||
module.exports = sequelize;
|
||||
@@ -41,4 +41,5 @@ app.get('*', (req, res) => {
|
||||
server.listen(process.env.WEB_PORT || 3200, async (err) => {
|
||||
await database.sync();
|
||||
console.log(`listening to localhost:${process.env.WEB_PORT || 3200}`);
|
||||
console.log(`database located at ${process.env.DB_HOSTNAME || '<default>'}:${process.env.DB_PORTNAME || '<default>'}`);
|
||||
});
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#use this while debugging
|
||||
CREATE DATABASE IF NOT EXISTS auth;
|
||||
CREATE USER IF NOT EXISTS 'auth'@'%' IDENTIFIED BY 'charizard';
|
||||
CREATE DATABASE auth;
|
||||
CREATE USER 'auth'@'%' IDENTIFIED BY 'charizard';
|
||||
GRANT ALL PRIVILEGES ON auth.* TO 'auth'@'%';
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import React, { useState, useEffect, createContext } from 'react';
|
||||
import decode from 'jwt-decode';
|
||||
import { jwtDecode } from 'jwt-decode';
|
||||
|
||||
export const TokenContext = createContext();
|
||||
|
||||
@@ -31,7 +31,7 @@ const TokenProvider = props => {
|
||||
let bearer = accessToken;
|
||||
|
||||
//if expired (10 minutes, normally)
|
||||
const expired = new Date(decode(accessToken).exp) < Date.now() / 1000;
|
||||
const expired = new Date(jwtDecode(accessToken).exp) < Date.now() / 1000;
|
||||
|
||||
if (expired) {
|
||||
//BUGFIX: if logging out, just skip over the refresh token
|
||||
@@ -86,7 +86,7 @@ const TokenProvider = props => {
|
||||
let bearer = accessToken;
|
||||
|
||||
//if expired (10 minutes, normally)
|
||||
const expired = new Date(decode(accessToken).exp) < Date.now() / 1000;
|
||||
const expired = new Date(jwtDecode(accessToken).exp) < Date.now() / 1000;
|
||||
|
||||
if (expired) {
|
||||
//ping the auth server for a new token
|
||||
@@ -119,7 +119,7 @@ const TokenProvider = props => {
|
||||
};
|
||||
|
||||
return (
|
||||
<TokenContext.Provider value={{ accessToken, setAccessToken, tokenFetch, tokenCallback, getPayload: () => decode(accessToken) }}>
|
||||
<TokenContext.Provider value={{ accessToken, setAccessToken, tokenFetch, tokenCallback, getPayload: () => jwtDecode(accessToken) }}>
|
||||
{props.children}
|
||||
</TokenContext.Provider>
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user